Class AbstractRequestParameterAllowFromStrategy

java.lang.Object
org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
All Implemented Interfaces:
AllowFromStrategy
Direct Known Subclasses:
RegExpAllowFromStrategy, WhiteListedAllowFromStrategy

@Deprecated public abstract class AbstractRequestParameterAllowFromStrategy extends Object implements AllowFromStrategy
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
Base class for AllowFromStrategy implementations which use a request parameter to retrieve the origin. By default the parameter named x-frames-allow-from is read from the request.
Since:
3.2
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected final org.apache.commons.logging.Log
    log
    Deprecated.
    Logger for use by subclasses
  • Method Summary

    Modifier and Type
    Method
    Description
    protected abstract boolean
    allowed(String allowFromOrigin)
    Deprecated.
    Method to be implemented by subclasses, used to determine if the supplied origin is allowed.
    String
    getAllowFromValue(jakarta.servlet.http.HttpServletRequest request)
    Deprecated.
    Gets the value for ALLOW-FROM, excluding the ALLOW-FROM keyword itself.
    void
    setAllowFromParameterName(String allowFromParameterName)
    Deprecated.
    Sets the name of the HTTP parameter from which the allowed origin is read.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • log

      protected final org.apache.commons.logging.Log log
      Deprecated.
      Logger for use by subclasses
  • Method Details

    • getAllowFromValue

      public String getAllowFromValue(jakarta.servlet.http.HttpServletRequest request)
      Deprecated.
      Description copied from interface: AllowFromStrategy
      Gets the value for ALLOW-FROM, excluding the ALLOW-FROM keyword itself. For example, the result might be "https://example.com/".
      Specified by:
      getAllowFromValue in interface AllowFromStrategy
      Parameters:
      request - the HttpServletRequest
      Returns:
      the value for ALLOW-FROM or null if no header should be added for this request.
    • setAllowFromParameterName

      public void setAllowFromParameterName(String allowFromParameterName)
      Deprecated.
      Sets the name of the HTTP parameter from which the allowed origin is read. The value of the parameter should be a valid URL. The default parameter name is "x-frames-allow-from".
      Parameters:
      allowFromParameterName - the name of the HTTP parameter to
    • allowed

      protected abstract boolean allowed(String allowFromOrigin)
      Deprecated.
      Method to be implemented by subclasses, used to determine if the supplied origin is allowed.
      Parameters:
      allowFromOrigin - the supplied origin
      Returns:
      true if the supplied origin is allowed.
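
The deprecation note points to Content-Security-Policy with the frame-ancestors directive as the replacement. The following is an added example, not code from Spring Security: a HeaderWriter that reads the same x-frames-allow-from request parameter and emits frame-ancestors only for an exactly matching allow-listed origin. The class name FrameAncestorsHeaderWriter, the sample origins and the 'none' fallback are assumptions made for illustration.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Set;
import org.springframework.security.web.header.HeaderWriter;

/**
 * Hypothetical replacement for an ALLOW-FROM strategy (added example, not
 * part of Spring Security). Writes "Content-Security-Policy: frame-ancestors ..."
 * based on the request parameter the deprecated strategy used.
 */
public class FrameAncestorsHeaderWriter implements HeaderWriter {

    private static final String CSP_HEADER = "Content-Security-Policy";
    private static final String NO_FRAMING = "'none'";

    // Constructed sample allow-list: the only origins permitted to frame the application.
    private final Set<String> allowedOrigins =
            Set.of("https://example.com", "https://partner.example");

    // Same default parameter name as the deprecated strategy.
    private String parameterName = "x-frames-allow-from";

    public void setParameterName(String parameterName) {
        this.parameterName = parameterName;
    }

    @Override
    public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
        String source = resolve(request.getParameter(this.parameterName));
        // addHeader keeps any policy already set; browsers enforce every
        // Content-Security-Policy header they receive.
        response.addHeader(CSP_HEADER, "frame-ancestors " + source);
    }

    // Exact match against the allow-list. The header therefore only ever
    // contains 'none' or a string equal to a configured origin, so the
    // request parameter cannot smuggle extra directives or CR/LF into it.
    String resolve(String requestedOrigin) {
        if (requestedOrigin == null) {
            return NO_FRAMING; // Set.of(...).contains(null) would throw
        }
        return this.allowedOrigins.contains(requestedOrigin) ? requestedOrigin : NO_FRAMING;
    }
}
```

The writer can be registered through HeadersConfigurer.addHeaderWriter(...) in the application's security configuration.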